
Commit 315b8b3

committed
Fixups; Changed startup logic (We need Nginx up for ACME HTTP challenge)
1 parent 9095a1f commit 315b8b3


4 files changed

+18
-24
lines changed


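--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,6 @@ COPY services.d/nginx/* /etc/services.d/nginx/
 COPY services.d/simp_le/* /etc/services.d/simp_le/
 COPY nginx.conf /etc/nginx/
 COPY proxy.conf /etc/nginx/conf.d/default.conf
-COPY get-certificate.sh /etc/cont-init.d/
 COPY dhparams.pem /etc/nginx/
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get update -q \
@@ -48,7 +47,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -q \
 && rm ips-v6 ips-v4 \
 && echo "---> Fixing permissions" \
 && mkdir /certs \
-&& chmod +x /etc/services.d/*/* /etc/cont-init.d/get-certificate.sh \
+&& chmod +x /etc/services.d/*/* \
 && echo "---> Cleaning up" \
 && rm -Rf /var/lib/apt /var/cache/apt
 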

get-certificate.sh

-17
This file was deleted.

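--- a/proxy.conf
+++ b/proxy.conf
@@ -1,5 +1,5 @@
 upstream origin {
-server ${UPSTREAM:-upstream};
+server ${UPSTREAM:-127.0.0.1};
 }
 
 server {
@@ -11,7 +11,7 @@ server {
 # Performance + Privacy improvements
 ssl_stapling on;
 ssl_stapling_verify on;
-ssl_trusted_certificate /certs/server-fullchain.pem;
+ssl_trusted_certificate /certs/server-cert.pem;
 resolver 8.8.8.8 208.67.222.222 valid=300s;
 resolver_timeout 5s;
 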
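Review bot: The new fallback in `server ${UPSTREAM:-127.0.0.1};` makes a missing `UPSTREAM` silent: with no port given nginx uses port 80 on loopback, which is presumably this container's own HTTP listener (the run script polls `http://127.0.0.1/`), so a misconfigured deployment would proxy to itself or serve local content instead of failing. Consider rejecting an empty `UPSTREAM` at startup, in the same way `services.d/simp_le/run` now rejects an empty `SERVERNAME`; the step that expands `${...}` is not visible on this page, so where that check belongs is for the author to decide. In the second hunk, `ssl_trusted_certificate /certs/server-cert.pem;` depends on that file being a copy of `fullchain.pem`, and a comment such as `# server-cert.pem is a copy of fullchain.pem (see services.d/simp_le/run)` would record the dependency next to `ssl_stapling_verify on;`. The `server` block continues outside both hunks.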

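--- a/services.d/simp_le/run
+++ b/services.d/simp_le/run
@@ -1,14 +1,26 @@
 #!/usr/bin/with-contenv bash
 
+if [ -z "$SERVERNAME" ]; then
+echo "ERROR: Server name must be specified..."
+exit 1
+fi
+
+echo Waiting for Nginx to come up...
+until wget -T 1 --tries 0 http://127.0.0.1/; do
+sleep 1s
+done
+echo Nginx has arrived.
+
 cd /certs
 
 while true; do
 
-BIGSLEEP="$(( 360 + $(($RANDOM % 360)) ))"m # 6-12 hours
-
-if /etc/cont-init.d/get-certificate.sh; then
+if simp_le --cert_key_size 2048 -d $SERVERNAME:/usr/share/nginx/html -f key.pem -f cert.pem -f fullchain.pem; then
+cp key.pem server-key.pem
+cp fullchain.pem server-cert.pem # Nginx needs the intermediate certificate along with the server cert.
 nginx -s reload
 else
+BIGSLEEP="$(( 360 + $(($RANDOM % 360)) ))"m # 6-12 hours
 sleep $BIGSLEEP
 fi
 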
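Review bot: The two `cp` calls added at new lines 19–20 are unchecked and the script does not set `-e`, so `nginx -s reload` still runs if one copy fails, which can leave nginx with a private key and certificate that do not belong together. Chain them, `cp key.pem server-key.pem && cp fullchain.pem server-cert.pem && nginx -s reload`, and quote the domain argument on line 18 as `-d "$SERVERNAME:/usr/share/nginx/html"` so the value is never word-split or globbed. The readiness probe on line 9 also saves the fetched page into the working directory on success and treats any HTTP error status as "not up"; `wget -q -O /dev/null` would at least avoid the stray file. The `while` loop's closing `done` lies outside the hunk.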

0 commit comments
